In third generation (3G) Universal Mobile Telecommunications System (UMTS) and in particular in its evolved version Service Architecture Evolution/Long Term Evolution (SAE/LTE), also referred to as Evolved Packet System (EPS), the concept of home base stations is introduced.
In 3G systems a home base station is referred to as a Home Node B (HNB) whereas in EPS it is referred to as a Home eNodeB (HeNB). A cell served by a HNB or a HeNB is commonly referred to as a femtocell. A home base station is assumed to be placed in a private home, utilizing the home owner's fixed broadband connection to access the core network. It is also assumed that the owner of the home base station handles the actual physical installation of the home base station. Hence, the deployment of home base stations cannot be planned, since it is largely outside the control of the operator. Another important property of the home base station concept is the potentially very large number of home base stations.
In the description below, a 3G Home Node B is abbreviated HNB, an EPS/LTE Home eNodeB is abbreviated HeNB and the abbreviation HN is used to denote either a 3G Home Node B or an EPS/LTE Home eNodeB.
A HN connects to the operator's network via a secure tunnel (supposedly IPsec protected) to a security gateway at the border of the operator's network. Via this tunnel the HN connects to the core network nodes of the operator's core network e.g. MME (Mobility Management Entity) and S-GW (Serving Gateway) via the S1 interface in EPS or SGSN (Serving GPRS Support Node) and MSC (Mobile Switching Center) (or MGW (Media Gateway) and MSC server) via the Iu interface in 3G UMTS. A 3GPP (third generation partnership project) operator may also deploy a concentrator node in its core network between the HNs and the regular core network nodes. In the EPS standardization such a concentrator node is commonly referred to as a HeNB Gateway, which may be an optional node in EPS HeNB solutions. The corresponding node name in 3G UMTS standardization is HNB Gateway and this node is mandatory in 3G HNB systems.
For both EPS and 3G UMTS the HN uses a broadband access network as (part of the) transport network. A possible NAT (Network Address Translation) between the HN and the 3GPP network is not a problem for the IPsec tunnel, because IKEv2 (Internet Key Exchange version 2), which can handle NAT traversal (i.e. activate UDP (User Datagram Protocol) encapsulation for ESP (Encapsulated Security Payload) traffic as needed), is assumed to be used for the IPsec tunnel establishment.
Through this setup a UE communicates via the HN and the core network like any other UE.
The HN concept is closely related to the concept of Closed Subscriber Group (CSG). A femtocell is also assumed to be a CSG cell. This means that only a selected group of subscribers, i.e. a closed subscriber group, is allowed to access the network through that cell. The CSG of a CSG cell is identified by a CSG ID, which is broadcast in the cell as a part of the system information. Typically each CSG cell has its own unique CSG ID but it may also be possible to define the same CSG ID for multiple cells, thereby forming a CSG zone, in which the same selected group of subscribers is allowed access. Although a CSG cell in principle does not have to be a femtocell, the two terms are often used as synonyms.
Hence, all subscribers are not allowed to access a certain HN and a certain subscriber is not allowed to access all HNs. Under supervision of the operator the owner of a HN defines which subscribers are allowed to access a femtocell (CSG cell) of the HN (i.e. which subscribers are included in the CSG of the femtocell). This is assumedly done through a web interface (or other “interface” between the HN owner and the operator), and the CSG data or HN access list (which is an equivalent term assuming that the HN only serves one CSG) is stored in a database in the operator's network. The HN owner would assumedly enter the allowed subscribers in the form of ISDN (Integrated Services Digital Network) numbers (Mobile Subscriber ISDN Number, MSISDN) or IMSIs (International Mobile Subscriber Identity) of the concerned subscribers.
The CSG data, or HN access list, is reflected in so-called CSG Whitelists, also known as Allowed CSG Lists, associated with the concerned UEs. Each UE has a CSG Whitelist, which includes the CSG ID of each CSG the UE or more precisely the subscriber using the UE is included in, i.e. the CSG ID of each femtocell the UE (i.e. the subscriber) is allowed to access. (It should be noted that a CSG is actually associated with a group of subscribers rather than UEs, but for simplicity the term UE is also used as the entity of which a CSG is formed in this specification. Similarly, a CSG Whitelist is actually associated with a subscriber—not a UE, but for simplicity the text also uses the UE as a “proxy” for the subscriber using it, such that a CSG Whitelist may be referred to as belonging to the UE and the UE may be said to be allowed or not allowed access to a CSG cell.)
Further, the CSG Whitelist of a subscriber is stored centrally in the operator's network, e.g. in the HSS (Home Subscriber Server) together with other subscriber data or in a special database e.g. denoted Access Control Database (ACDB). The CSG Whitelist is also stored in the UE (e.g. in the USIM (Universal Subscriber Identity Module)), so that the UE itself can determine whether it is allowed to access a certain CSG cell or not (in order to avoid useless access attempts). The CSG Whitelist is transferred from the network to the UE via OMA DM (Open Mobile Alliance Device Management), NAS (Non-Access Stratum) signaling or Over-The-Air (OTA) USIM configuration technology (or SMS (Short Message Service)). Furthermore, in EPS the CSG Whitelist of a UE is downloaded to the MME serving the UE, so that the MME can perform CSG based access control of UEs requesting network access via a CSG cell. This mechanism is likely to be similar in 3G, utilizing a node corresponding to the MME, i.e. the SGSN and/or the MSC (server).
The search for allowed CSG cells is left to the UE to handle autonomously. To identify an allowed CSG cell the UE must read the CSG ID from the system information broadcast in the cell and compare it with the CSG ID(s) stored in its CSG Whitelist. When a match is found the UE has discovered an allowed CSG cell. To make the search for an allowed CSG cell more efficient the UE is assumed to utilize a so-called “fingerprint” of the CSG cell location. The exact mechanisms of such a fingerprint aided cell search are not standardized and will be up to each UE vendor to design. However, typically a fingerprint is obtained by listening to transmissions from the macrocells (i.e. regular non-femto cells) in the area of the allowed CSG cell. Transmissions from both LTE cells, 3G cells and 2G cells may be utilized to form a “signature”/“fingerprint” of the location of the CSG cell. Transmitted data that may be useful indications include e.g. cell identities (E-CGI (E-UTRAN Cell Global Identity) in EPS and CGI (Cell Global Identity) in 2G/3G), registration area identifiers, such as TAIs (Tracking Area Identities) in EPS, LAIs (Location Area Identities) and RAIs (Routing Area Identity) in 2G/3G and URA (UTRAN registration area) identities in 3G. Other types of radio transmissions could potentially also be used to provide input data to the fingerprint, e.g. WLAN transmissions. The UE learns the fingerprint, i.e. records relevant received data which can be used to identify the location of a CSG cell, when it is present in the cell. Later, when searching for the CSG cell or before searching for the CSG cell the UE scans the radio environment and when it receives an indication of a fingerprint match i.e. sufficiently many of the pieces of data constituting the fingerprint match the received ones, the UE determines that it is worthwhile to check the CSG ID of detected potential CSG cells.
An EPS/LTE identifier that is important in the context of allowed CSG cell discovery is the Physical Cell Identity, PCI. Each cell is assigned one out of 504 possible PCIs. The PCI is broadcast on layer 1 in the cell. Knowledge of the PCI is required in order for a UE to correctly decode any downlink transmission in the cell. Thus, the PCI is used to distinguish cells from each other and to enable decoding of downlink transmissions. Since 504 different PCIs are not enough to give every cell a unique PCI, the PCIs are reused in the radio network. The PCI may however uniquely identify a cell within a restricted location, provided that careful PCI planning is used or other methods to ensure that the PCIs are not too densely reused. Such local uniqueness is utilized when handover candidates are identified and the PCI is hence the only cell identifier that is associated with the measurement reports a UE sends to its serving eNB (eNodeB). However, when femtocells are deployed, many macrocells will have too many femtocells as neighbors for the PCI range to provide uniqueness to the neighboring femtocells. When the PCI is not enough to uniquely identify a cell (e.g. when the PCI is not locally unique or when a UE reports an unknown PCI to the eNB or during idle mode cell (re-)selection), the UE must retrieve the cell's global cell identity (i.e. the PLMN ID+E-CGI in EPS/LTE) from the system information that is broadcast in the cell. (The PLMN ID consists of a Mobile Country Code (MCC) and a Mobile Network Code (MNC)). Retrieving this information is much more time and resource consuming than retrieving the frequently broadcast layer 1 identifier PCI. The global cell identity is broadcast much less frequently (a low-power transmission every 20 ms and the UE soft-combines several such transmissions to safely decode the information) and its reception requires that the UE has first received the PCI and synchronized with the cell's transmissions. Hence, much more time and power is consumed when the UE receives the global cell identity than when receiving only the PCI.
Searching for allowed CSG cell(s) may consume a lot of time and battery power in a UE, especially in an environment with densely deployed femtocells. The retrieval of the CSG ID requires synchronization and reading of the relatively infrequently transmitted system information. Active UEs (i.e. UEs in connected state), have to use natural gaps in the transmission (DRX) to scan for CSG cells and retrieve their CSG IDs instead of saving power. Idle UEs have to receive the system information of detected cells to retrieve the CSG ID (instead of just measuring the reference signal) to be able to appropriately evaluate them for potential cell (re-)selection.
The purpose of the fingerprint concept is to reduce the amount of resources consumed for search and discovery of allowed CSG cell(s) by more or less restricting these procedures to areas in the vicinity of allowed CSG cell(s). However, a problem is that within the area that matches the fingerprint, there may well be numerous (e.g. dozens of) other CSG cells in addition to the allowed CSG cell. Hence, even with use of a good fingerprint the UE may have to go through the complete search and identifier retrieval procedure (including CSG ID retrieval) with many (e.g. dozens of) other CSG cells for every successful discovery of its allowed CSG cell.
There is an obvious risk that unless efficient methods are developed to minimize the resources consumed for CSG cell discovery, UEs which are allowed CSG access (and which consequently will attempt to discover allowed CSG cell(s)) will spend excessive resources on search and discovery of allowed CSG cell(s), so that their battery lifetime (standby time etc.) may be significantly reduced. This is also what early trials imply. Shorter UE battery lifetime for CSG users will be difficult to understand for users and will hardly be perceived as acceptable by either operators or users.